def setup(self): firstPath = self.preffix + self.testPath + self.suffix firstResponse = self.requester.request(firstPath) self.invalidStatus = firstResponse.status secondPath = self.preffix + RandomUtils.randString( omit=self.testPath) + self.suffix secondResponse = self.requester.request(secondPath) if self.invalidStatus == 404: # Using the response status code is enough :-} return # look for redirects elif firstResponse.status in self.redirectStatusCodes and firstResponse.redirect and secondResponse.redirect: self.redirectRegExp = self.generateRedirectRegExp( firstResponse.redirect, secondResponse.redirect) # Analyze response bodies self.dynamicParser = DynamicContentParser(self.requester, firstPath, firstResponse.body, secondResponse.body) baseRatio = float("{0:.2f}".format( self.dynamicParser.comparisonRatio)) # Rounding to 2 decimals # If response length is small, adjust ratio if len(firstResponse) < 2000: baseRatio -= 0.1 if baseRatio < self.ratio: self.ratio = baseRatio
def setup(self): first_path = self.prefix + (self.calibration if self.calibration else RandomUtils.rand_string()) + self.suffix first_response = self.requester.request(first_path) self.invalid_status = first_response.status if self.invalid_status == 404: # Using the response status code is enough :-} return second_path = self.prefix + (self.calibration if self.calibration else RandomUtils.rand_string( omit=first_path)) + self.suffix second_response = self.requester.request(second_path) # Look for redirects if first_response.redirect and second_response.redirect: self.redirect_reg_exp = self.generate_redirect_reg_exp( first_response.redirect, first_path, second_response.redirect, second_path, ) # Analyze response bodies if first_response.body is not None and second_response.body is not None: self.dynamic_parser = DynamicContentParser(self.requester, first_path, first_response.body, second_response.body) else: self.dynamic_parser = None self.ratio = float("{0:.2f}".format( self.dynamic_parser.comparisonRatio)) # Rounding to 2 decimals # The wildcard response is static if self.ratio == 1: pass # Adjusting ratio based on response length elif len(first_response) < 100: self.ratio -= 0.1 elif len(first_response) < 500: self.ratio -= 0.05 elif len(first_response) < 2000: self.ratio -= 0.02 else: self.ratio -= 0.01 # If the path is reflected in response, decrease the ratio. Because # the difference between path lengths can reduce the similarity ratio if first_path in first_response.body.decode( ) and len(first_response) < 100000: self.ratio -= 0.1
def setup(self): for path in self.testPath: firstPath = RandomUtils.randString() + '/' + path + self.suffix firstResponse = self.requester.request(firstPath) if firstResponse.status not in self.invalidStatus: self.invalidStatus.append(firstResponse.status) if firstResponse.status == 404: # Using the response status code is enough :-} continue # look for redirects secondPath = RandomUtils.randString() + '/' + path + self.suffix secondResponse = self.requester.request(secondPath) if firstResponse.status in self.redirectStatusCodes and firstResponse.redirect and secondResponse.redirect: self.redirectRegExp.append( self.generateRedirectRegExp(firstResponse.redirect, secondResponse.redirect)) # Analyze response bodies dynamicParser = DynamicContentParser(self.requester, firstPath, firstResponse.body, secondResponse.body) baseRatio = float("{0:.2f}".format( dynamicParser.comparisonRatio)) # Rounding to 2 decimals ratio = self.ratio # If response length is small, adjust ratio if len(firstResponse) < 2000: baseRatio -= 0.1 if baseRatio < self.ratio: ratio = baseRatio if self.dynamicParser: flag = 0 for _dynamicParser, __ in self.dynamicParser: _ratio = dynamicParser.compareTo(_dynamicParser.cleanPage) flag += _ratio > ratio if not flag: self.dynamicParser.append((dynamicParser, ratio)) else: self.dynamicParser.append((dynamicParser, ratio))
def setup(self): first_path = self.prefix + ( self.calibration if self.calibration else RandomUtils.rand_string() ) + self.suffix first_response = self.requester.request(first_path) self.invalid_status = first_response.status if self.invalid_status == 404: # Using the response status code is enough :-} return second_path = self.prefix + ( self.calibration if self.calibration else RandomUtils.rand_string(omit=first_path) ) + self.suffix second_response = self.requester.request(second_path) # Look for redirects if first_response.redirect and second_response.redirect: self.redirect_reg_exp = self.generate_redirect_reg_exp( first_response.redirect, first_path, second_response.redirect, second_path, ) # Analyze response bodies if first_response.body is not None and second_response.body is not None: self.dynamic_parser = DynamicContentParser( self.requester, first_path, first_response.body, second_response.body ) else: self.dynamic_parser = None base_ratio = float( "{0:.2f}".format(self.dynamic_parser.comparisonRatio) ) # Rounding to 2 decimals # If response length is small, adjust ratio if len(first_response) < 500: base_ratio -= 0.15 elif len(first_response) < 2000: base_ratio -= 0.1 if base_ratio < self.ratio: self.ratio = base_ratio
def setup(self): first_path = self.prefix + (self.calibration if self.calibration else rand_string()) + self.suffix first_response = self.requester.request(first_path) self.response = first_response if self.response.status == 404: # Using the response status code is enough :-} return duplicate = self.duplicate(first_response) if duplicate: # Another test had been performed and shows the same response as this self.ratio = duplicate.ratio self.dynamic_parser = duplicate.dynamic_parser self.redirect_parser = duplicate.redirect_parser self.sign = duplicate.sign return second_path = self.prefix + (self.calibration if self.calibration else rand_string( omit=first_path)) + self.suffix second_response = self.requester.request(second_path) if first_response.redirect and second_response.redirect: self.generate_redirect_reg_exp( first_response.redirect, first_path, second_response.redirect, second_path, ) # Analyze response bodies if first_response.body is not None and second_response.body is not None: self.dynamic_parser = DynamicContentParser(self.requester, first_path, first_response.body, second_response.body) else: self.dynamic_parser = None self.ratio = float("{0:.2f}".format( self.dynamic_parser.comparisonRatio)) # Rounding to 2 decimals # The wildcard response is static if self.ratio == 1: pass # Adjusting ratio based on response length elif len(first_response) < 100: self.ratio -= 0.1 elif len(first_response) < 500: self.ratio -= 0.05 elif len(first_response) < 2000: self.ratio -= 0.02 else: self.ratio -= 0.01 """ If the path is reflected in response, decrease the ratio. Because the difference between path lengths can reduce the similarity ratio """ if first_path in first_response.body.decode(): if len(first_response) < 200: self.ratio -= 0.15 + 15 / len(first_response) elif len(first_response) < 800: self.ratio -= 0.06 + 30 / len(first_response) elif len(first_response) < 5000: self.ratio -= 0.03 + 80 / len(first_response) elif len(first_response) < 20000: self.ratio -= 0.02 + 200 / len(first_response) else: self.ratio -= 0.01
def setup(self): if self.path is None or self.path is '': self.path = self.getRandomPath() firstpath_php = self.path + '.' + self.suffix[0] res1_php = self.requester.request(firstpath_php, True) secondpath_php = self.getRandomPath() + '.' + self.suffix[0] res2_php = self.requester.request(secondpath_php, True) firstpath_jsp = self.path + '.' + self.suffix[1] res1_jsp = self.requester.request(firstpath_jsp, True) secondpath_jsp = self.getRandomPath() + '.' + self.suffix[1] res2_jsp = self.requester.request(secondpath_jsp, True) firstpath_asp = self.path + '.' + self.suffix[2] res1_asp = self.requester.request(firstpath_asp, True) secondpath_asp = self.getRandomPath() + '.' + self.suffix[2] res2_asp = self.requester.request(secondpath_asp, True) if res1_asp.status_code == 404 and res1_php.status_code == 404 and res1_jsp.status_code == 404: self.flag = True else: if self.getHistory( str(res1_php.history )) in self.redirection_code and self.getHistory( str(res2_php.history)) in self.redirection_code: regExp = self.generateRedirectRegExp(res1_php.url, res2_php.url) self.redirection_regexp.append( regExp) if regExp not in self.redirection_regexp else 0 if self.getHistory( str(res1_jsp.history )) in self.redirection_code and self.getHistory( str(res2_jsp.history)) in self.redirection_code: regExp = self.generateRedirectRegExp(res1_jsp.url, res2_jsp.url) self.redirection_regexp.append( regExp) if regExp not in self.redirection_regexp else 0 if self.getHistory( str(res1_asp.history )) in self.redirection_code and self.getHistory( str(res2_asp.history)) in self.redirection_code: regExp = self.generateRedirectRegExp(res1_asp.url, res2_asp.url) self.redirection_regexp.append( regExp) if regExp not in self.redirection_regexp else 0 if res1_asp.status_code == 404 and res1_php.status_code == 404 and res1_jsp.status_code == 404: self.flag = True self.dynamic_php = DynamicContentParser(self.requester, firstpath_php, res1_php.text, res2_php.text) if self.dynamic_php is not None: ratio = float('{0:.2f}'.format( self.dynamic_php.comparisonRatio)) if self.base_ratio > ratio: self.base_ratio = ratio self.dynamic_jsp = DynamicContentParser(self.requester, firstpath_jsp, res1_jsp.text, res2_jsp.text) if self.dynamic_jsp is not None: ratio = float('{0:.2f}'.format( self.dynamic_jsp.comparisonRatio)) if self.base_ratio > ratio: self.base_ratio = ratio self.dynamic_asp = DynamicContentParser(self.requester, firstpath_asp, res1_asp.text, res2_asp.text) if self.dynamic_asp is not None: ratio = float('{0:.2f}'.format( self.dynamic_asp.comparisonRatio)) if self.base_ratio > ratio: self.base_ratio = ratio